AUTHENTICATION METHOD AND SYSTEM USING IC CARD 

FIELD OF THE INVENTION 

The present invention relates to a method and system for 
authenticating network access entities using an IC card or 
smart card which contains an IC chip with a microprocessor, 
memories and arithmetic functions. Particularly, the present 
invention relates to an authentication method and system in a 
client/server communication configuration in which a plurality 
of clients (users) communicate with one or more servers located 
far from the clients. 

DESCRIPTION OF THE RELATED ART 

In the communication configuration such as WWW (World Wide 
Web) of Internet, before a user or client communicates with a 
server, mutual authentication is first executed to confirm 
legitimation of the user and the server with each other. In 
such mutual authentication, it is very effective to use an IC 
card with the microprocessor in order to increase user's 
convenience and security. 

The mutual authentication using the IC card is in general 
executed by verifying, at each establishment of connection, 
user authentication information calculated in the IC card and 
provided to an application server to achieve user 
authentication, and by verifying server authentication 
information calculated in the application server and provided 
to the IC card or the user terminal to achieve server 
authentication. Thus, legitimation of the user and the server 
are confirmed with each other to prevent illegal connection 
from a third party. 

In the connectionless type communication such as the 
Internet communication, or in the transaction processing in 
which a job involves establishment and release of a plurality 
of connections, it is necessary to confirm authentication 
frequently. Namely, in the former connectionless type 
communication, the authentication using an IC card will be 
requested each time information is received and/or transmitted, 
whereas in the latter transaction processing, the 
authentication using an IC card will also be requested every 
time a connection is established. 

However, the IC card needs a relatively long time (several 
seconds) for operation from a time when the user terminal 
connected with this IC card requests a calculation to a time 
when the user terminal receives the calculation result from the 
IC card. Thus, if the authentication using the IC card is 
executed many times at close intervals, it will take an extremely 
long time for the authentication process. 

SUMMARY OF THE INVENTION 

It is therefore an object of the present invention to 
provide a method and system for authenticating between network 
access entities using an IC card, whereby a high speed or good 
response authentication with keeping security can be provided. 

According to the present invention, a method of 
authenticating between a user or client and a network access 
entity such as a server or another client using an IC card is 
provided. This method includes a step of executing an initial 
authentication using the IC card when the user first 
communicates with the network access entity, a step of commonly 
holding authentication information in both the user and the 
network access entity if the initial authentication achieves 
success, and a step of executing a re-authentication using the 
commonly held authentication information without using the IC 
card when the user communicates again with the same network 
access entity within a predetermined period of time after the 
last authentication. 

Also, according to the present invention, a system for 
authenticating between a user or client and a network access 
entity such as a server or another client using an IC card is 
provided. The system includes a unit for executing an initial 
authentication using the IC card when the user first 
communicates with the network access entity, a unit for 
commonly holding authentication information in both the user 
and the network access entity if the initial authentication 
achieves success, and a unit for executing a re-authentication 
using the commonly held authentication information without 
using the IC card when the user communicates again with the 
same network access entity within a predetermined period of 
time after the last authentication. 

After the user once executed a successful authentication 
with the network access entity using the IC card, when the user 
communicates again with the same network access entity within a 
predetermined period of time after the last authentication, no 
calculation in the IC card is carried out for authentication 
but the calculation is executed within a user terminal. Thus, 
according to the present invention, an extremely effective and 
high speed authentication can be realized. 

Also, since the authentication information which is the 
result of the initial authentication and is commonly stored in 
both the user and the network access entity is used for the 
re-authentication, no additional authentication information 
needs to be preliminarily and commonly held in the user and 
the server before the authentication. Thus, the 
authentication method and system according to the present 
invention can be easily used in a wide area network. 

It is preferred that the initial authentication is an 
authentication using a public key cryptographic technique, and 
the re-authentication is an authentication using a secret key 
cryptographic technique. 

It is also preferred that the initial authentication is 
executed when the user has not the authentication information, 
and the re-authentication is executed when the user has the 
authentication information. 

It is preferred that the initial authentication is 
executed instead of the re-authentication when the 
predetermined period of time has passed after the last 
authentication. 

Preferably, the authentication information is encrypted 
and the encrypted authentication information is sent between 
the user and the network access entity. 

Also, preferably, the authentication information is 
updated to have different values at each time and the updated 
authentication information is sent between the user and the 
network access entity. 

Further objects and advantages of the present invention 
will be apparent from the following description of the 
preferred embodiments of the invention as illustrated in the 
accompanying drawings. 

BRIEF DESCRIPTION OF THE DRAWINGS 

Fig. 1 illustrates a simple configuration of a preferred 
embodiment of an authentication system using an IC card 
according to the present invention; 

Fig. 2, which is a combination of Figs. 2A and 2B, is a block 
diagram schematically illustrating a circuitry configuration of 
the authentication system shown in Fig. 1; 

Fig. 3 is a flow chart illustrating a process control 
protocol of an authentication processing control unit in a user 
terminal shown in Fig. 1; 

Fig. 4, which is a combination of Figs. 4A to 4E, is a flow 
chart illustrating an initial authentication protocol in 
accordance with the embodiment shown in Fig. 1; 

Fig. 5, which is a combination of Figs. 5A to 5C, is a flow 
chart illustrating a re-authentication protocol in accordance 
with the embodiment shown in Fig. 1; and 

Fig. 6 is a flow chart illustrating a nullifying 
processing protocol in accordance with the embodiment shown in 
Fig. 1. 

DESCRIPTION OF THE PREFERRED EMBODIMENTS 

In Fig. 1 which schematically illustrates the simplest 
configuration of the preferred embodiment of the authentication 
system according to the present invention, reference numeral 10 
denotes an IC card or smart card of a user or client, which 
card contains an IC chip with a microprocessor, memories and 
arithmetic functions, and 11 denotes a card reader/writer for 
the IC card. The card reader/writer 11 is connected to a 
terminal 12 of a user or client. This user terminal 12 can be 
connected to an application server 14 via a communication line 
13. 



Fig. 2 schematically illustrates the circuitry 
configuration of the authentication system shown in Fig. 1. As 
shown in this figure, the user terminal 12 is provided with an 
IC card control unit 12a for controlling operation of the IC 
card 10 inserted in the reader/writer 11, an initial 
authentication processing unit 12b for executing an initial 
authentication or first authentication protocol, a re-
authentication processing unit 12c for executing a re-
authentication or second authentication protocol, an 
authentication processing control unit 12d for judging which of 
the initial authentication processing unit 12b or the re-
authentication processing unit 12c is to be accessed, an 
authentication information memory unit 12e for storing 
authentication information with respect to respective 
communication partners (servers), and a communication unit 12f. 

The application server 14 is provided with a communication 
unit 14a, an initial authentication processing unit 14b for 
executing an initial authentication or first authentication 
protocol, a re-authentication processing unit 14c for executing 
a re-authentication or second authentication protocol, and an 
authentication information memory unit 14d for storing 
authentication information with respect to respective user or 
client terminals. 

Fig. 3 illustrates the process control protocol of the 
authentication processing control unit 12d in the user terminal 
12. In the connectionless type communication such as the 
Internet communication, or in the transaction processing in 
which a job involves establishment and release of a plurality 
of connections, each time information is received and/or 
transmitted or each time a connection is established, an 
authentication processing from the terminal of the user A, 
illustrated in Fig. 3, starts. Alternatively, the authentication 
processing may be started from the server B. 

First, at step S1, it is judged whether authentication 
information between the user A and its communication partner 
(server) B is already stored in the memory unit 12e in the 
terminal 12 of the user A or not. As will be described later, 
the memory unit 12e in the user terminal 12 will have the 
authentication information with respect to the server B 
(communication key CK, transaction numbers TransIDABj and 
TransIDBAj) together with its identity (ID) if an initial 
mutual authentication between the user A and the server B has 
achieved success. 

If no authentication information is stored in the memory 
unit 12e, it is judged that this is an initial authentication 
processing (including a case where a predetermined period of 
time has passed after the last authentication) and thus the 
initial authentication protocol using a public key 
cryptographic technique is performed at step S2. Contrary to 
this, if the memory unit 12e has authentication information 
with respect to the server B, the re-authentication protocol 
using a secret key cryptographic technique is performed at 
step S3. 

Fig. 4 illustrates the flow of the initial authentication 
protocol making use of the public key cryptographic 
technique. The following describes the operations of the initial 
authentication processing units 12b and 14b in the terminal 12 
of the user A and in the server B, respectively. 

First, at step S200, the terminal 12 of the user A gets an 
identity IDA of this card user A from the IC card 10. In the 
IC card 10, a public key certificate CertA of the user A and a 
secret key SA (for the public key cryptography) of the user A 
have already been stored in addition to the identity IDA of the 
user A. As is well known, the public key certificate is 
information for certifying a user's public key by a 
certification authority; in other words, it is information which 
can verify legitimation of the public key PA of the user A, for 
example. 

At the next step S201, the user terminal 12 requests the IC 
card 10 to generate deciphered prover information. This 
request is performed by obtaining current time information TA 
from the terminal itself, combining this TA with the user 
identity IDA to generate prover information TA||IDA, and 
sending the generated prover information TA||IDA to the 
microprocessor in the IC card 10. 



At step S202, the IC card 10 deciphers the prover 
information sent from the terminal 12 in accordance with the 
public key cryptography using the secret key SA of the user A. 
The deciphered result sSA(TA||IDA) is sent to the terminal 12 
at step S203. 

Then, at step S204, the user terminal 12 gets the public 
key certificate CertA of the user A from the IC card 10. At 
step S205, the prover information TA||IDA, the deciphered 
prover information sSA(TA||IDA) and the public key certificate 
CertA are combined, and then the combined result 
TA||IDA||sSA(TA||IDA)||CertA is sent to the server B. 

Then, the server (verifier) B verifies legitimation of the 
public key certificate CertA of the user A, and obtains the 
public key PA of this user A, at step S206. At the next step 
S207, the server B verifies the deciphered prover information 
sSA(TA||IDA). Namely, at the step S207, the server B enciphers 
the deciphered prover information sSA(TA||IDA) using the public 
key PA of the user A, and compares the enciphered result 
sPA(sSA(TA||IDA)) with the prover information TA||IDA sent from 
the user terminal 12. 

At step S208, it is judged whether the user (prover) A is 
successfully authenticated by the server B or not, in 
accordance with the result of the comparison. Namely, if 
both results coincide with each other, the user is 
authenticated and therefore the server authentication 
processing is started from step S209. Otherwise, it is judged 
that a connection request from an illegal user has occurred and 
thus the process is aborted. 

At step S209, the server B obtains current time 
information TB, and then combines this TB with a server 
identity IDB to generate prover information TB||IDB. 

At step S210, the server B deciphers the prover 
information TB||IDB in accordance with the public key 
cryptography using the secret key SB of the server B to 
generate a deciphered result sSB(TB||IDB). 

At step S211, the server B generates a communication key 
CK based upon random number information, and then enciphers the 
generated communication key CK using the public key PA of the 
user A. Thus, an enciphered communication key sPA(CK) is 
obtained. 

At the next step S212, the server B generates two kinds of 
initial transaction numbers which will be used in a re-
authentication or second authentication processing described 
later, namely an initial transaction number TransIDAB1 used 
for authenticating the user A and an initial transaction number 
TransIDBA1 used for authenticating the server B. Thereafter, 
the server B combines the generated transaction numbers and 
then enciphers the combined result using the communication key 
CK to produce an enciphered initial transaction number 
ECK(TransIDAB1||TransIDBA1). 
Then, at step S213, the server B stores the identity IDA 
of the communication partner (user A) who is authenticated by 
this server B, the communication key CK, the transaction 
numbers TransIDABj and TransIDBAj (j = 1, 2, 3, ...) which will 
in this first case be the initial transaction numbers TransIDAB1 
and TransIDBA1, and the current time T1 into the memory unit 
14d. The server B stores authentication information 
(identities, communication keys, transaction numbers for user 
authentication, transaction numbers for server authentication, 
and last access time) for respective users in the memory unit 
14d as shown in Table 1 and manages them. In Table 1, CKA 
(=CK) and CKC indicate communication keys of the users A and C, 
TransIDBCj and TransIDCBj indicate transaction numbers used in 
the authentication with the user C, and T1A (=T1) and T1C 
indicate the last access times used in the authentication with 
the users A and C, respectively. 



Table 1 

User ID | Communication key | Transaction no. for server authentication | Transaction no. for user authentication | Last access time 
IDA     | CKA               | TransIDBAj                                | TransIDABj                              | T1A 
IDC     | CKC               | TransIDBCj                                | TransIDCBj                              | T1C 



At step S214, the server B combines the prover information 
TB||IDB, the deciphered result thereof sSB(TB||IDB), the public 
key certificate CertB of the server B, the enciphered 
communication key sPA(CK) and the enciphered initial 
transaction number ECK(TransIDAB1||TransIDBA1), and sends the 
combined result to the terminal of the user A. 

The terminal of the user (verifier) A verifies 
legitimation of the public key certificate CertB of the server 
B, and obtains the public key PB of this server B, at step 
S215. At the next step S216, the terminal of the user A 
verifies the deciphered prover information sSB(TB||IDB). 
Namely, at the step S216, the user terminal enciphers the 
deciphered prover information sSB(TB||IDB) using the public key 
PB of the server B, and compares the enciphered result 
sPB(sSB(TB||IDB)) with the prover information TB||IDB sent from 
the server B. 

At step S217, it is judged whether the server (prover) B 
is successfully authenticated by the user A or not, in 
accordance with the result of the comparison. Namely, if 
both results coincide with each other, the server is 
authenticated and therefore the process at the next step S218 
is executed. Otherwise, it is judged that a connection 
request from an illegal user has occurred and thus the process is 
aborted. 

At the next step S218 which will be executed after both 
the user A and the server B are authenticated with each other, 
the terminal 12 of the user A requests the IC card 10 to 
provide a communication key. In fact, the terminal 12 sends 
the enciphered communication key sPA(CK) to the IC card 10. 

Thus, the IC card 10 deciphers the enciphered 
communication key sPA(CK) from the terminal 12 using the secret 
key SA of the user A which has been stored in the IC card 10 to 
produce a communication key CK, at step S219. The produced 
communication key CK is sent to the terminal 12 at step S220. 

At the next step S221, the terminal 12 deciphers the 
enciphered initial transaction number 
ECK(TransIDAB1||TransIDBA1) using the received communication 
key CK to produce the initial transaction numbers TransIDAB1 
and TransIDBA1. 

Then, at step S222, the terminal 12 stores the identity 
IDB of the communication partner (server B) with whom mutual 
authentication has been executed, the communication key CK, and 
the transaction numbers TransIDABj and TransIDBAj (j = 1, 2, 3, ...) 
which will in this first case be the initial transaction 
numbers TransIDAB1 and TransIDBA1 into the memory unit 12e of 
this terminal 12. The terminal 12 stores authentication 
information (identities, communication keys, transaction 
numbers for user authentication, and transaction numbers for 
server authentication) for respective servers in the memory 
unit 12e as shown in Table 2 and manages them. In Table 2, IDD 
indicates an identity of a server D, CKB (=CK) and CKD indicate 
communication keys of the servers B and D, and TransIDDAj and 
TransIDADj indicate transaction numbers used in the 
authentication with the server D, respectively. 
Table 2 

User ID | Communication key | Transaction no. for server authentication | Transaction no. for user authentication 
IDB     | CKB               | TransIDBAj                                | TransIDABj 
IDD     | CKD               | TransIDDAj                                | TransIDADj 



With the above-mentioned processes, the initial 
authentication is completed. 
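
The Fig. 4 exchange carried through in Go, as an added example that is not code from the patent. It assumes that the sS operations are RSA PKCS#1 v1.5 signatures over SHA-256, that sPA(CK) is RSA-OAEP, that ECK is AES-256-GCM, that the certificate checks of S206/S215 have already been done so a bare public key stands in for CertA/CertB, and a constructed layout for T||ID; genKey, Signed, Msg2, serverRespond and userFinish are names chosen here.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"time"
)

// AuthInfo is what each side stores at S213/S222 (one row of Table 1 or Table 2).
type AuthInfo struct {
	PeerID               string    // IDA on the server, IDB on the user terminal
	CK                   []byte    // communication key
	TransIDAB, TransIDBA []byte    // transaction numbers for user / server authentication
	LastAccess           time.Time // T1, server side only
}

// Signed carries T||ID||sS(T||ID)||Cert (S205, S214); the bare public key stands in for
// the certificate, so the CertA/CertB checks of S206/S215 are assumed done elsewhere.
type Signed struct {
	T   time.Time
	ID  string
	Sig []byte
	PK  *rsa.PublicKey
}
// Msg2 adds sPA(CK) and ECK(TransIDAB1||TransIDBA1) to the server's Signed part (S214).
type Msg2 struct {
	Signed
	EncCK, EncTrans []byte
}
// genKey makes a key pair (SA/PA or SB/PB); in the real system SA never leaves the IC card.
func genKey() *rsa.PrivateKey {
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	return k
}
// Prover information T||ID of S201/S209 (constructed layout: RFC 3339 time, '|', identity).
func proverInfo(t time.Time, id string) []byte {
	return []byte(t.UTC().Format(time.RFC3339) + "|" + id)
}
// sS(T||ID) of S202/S210, realised here as an RSA PKCS#1 v1.5 signature over SHA-256.
func sign(sk *rsa.PrivateKey, id string, now time.Time) Signed {
	h := sha256.Sum256(proverInfo(now, id))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, sk, crypto.SHA256, h[:])
	return Signed{T: now, ID: id, Sig: sig, PK: &sk.PublicKey}
}
// The "encipher with the public key and compare" check of S207/S216.
func (s Signed) verify() bool {
	h := sha256.Sum256(proverInfo(s.T, s.ID))
	return rsa.VerifyPKCS1v15(s.PK, crypto.SHA256, h[:], s.Sig) == nil
}
// ECK/DCK of S212/S221: AES-256-GCM under CK, nonce prefixed to the ciphertext.
func eck(ck, pt []byte) []byte {
	blk, _ := aes.NewCipher(ck)
	g, _ := cipher.NewGCM(blk)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	return g.Seal(nonce, nonce, pt, nil)
}
func dck(ck, ct []byte) ([]byte, error) {
	blk, _ := aes.NewCipher(ck)
	g, _ := cipher.NewGCM(blk)
	if len(ct) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}

// S206-S214 on the server: verify the user, then issue CK and the initial transaction numbers.
func serverRespond(sb *rsa.PrivateKey, idb string, m Signed, now time.Time) (*AuthInfo, Msg2, error) {
	if !m.verify() { // S207-S208
		return nil, Msg2{}, errors.New("user authentication failed")
	}
	ck, trans := make([]byte, 32), make([]byte, 32) // S211 CK; S212 TransIDAB1||TransIDBA1, 16 bytes each
	rand.Read(ck)
	rand.Read(trans)
	encCK, _ := rsa.EncryptOAEP(sha256.New(), rand.Reader, m.PK, ck, nil) // sPA(CK); cannot fail at these sizes
	rec := &AuthInfo{PeerID: m.ID, CK: ck, TransIDAB: trans[:16], TransIDBA: trans[16:], LastAccess: now} // S213
	return rec, Msg2{Signed: sign(sb, idb, now), EncCK: encCK, EncTrans: eck(ck, trans)}, nil      // S214
}

// S215-S222 on the user terminal; sa plays the IC card, whose OAEP decryption is S219.
func userFinish(sa *rsa.PrivateKey, m Msg2) (*AuthInfo, error) {
	if !m.verify() { // S216-S217
		return nil, errors.New("server authentication failed")
	}
	ck, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, sa, m.EncCK, nil) // S218-S220
	if err != nil {
		return nil, err
	}
	trans, err := dck(ck, m.EncTrans) // S221
	if err != nil || len(trans) != 32 {
		return nil, errors.New("transaction numbers unreadable")
	}
	return &AuthInfo{PeerID: m.ID, CK: ck, TransIDAB: trans[:16], TransIDBA: trans[16:]}, nil // S222
}
```

A full run is sign(sa, "IDA", now) on the terminal, serverRespond on the server, then userFinish on the terminal; afterwards both AuthInfo records carry the same CK, TransIDAB1 and TransIDBA1.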

Fig. 5 illustrates the flow of the re-authentication protocol 
making use of the secret key cryptographic technique. 

In this embodiment, the re-authentication or second 
authentication represents an authentication when the user A 
intends to be connected again with the same server B after the 
user A and the server B once mutually authenticated with each 
other using the IC card. In the re-authentication, a mutual 
authentication is executed by using two kinds of transaction 
numbers TransIDABj and TransIDBAj (j = 1, 2, 3, ...) which are 
provided in both the user A and the server B. Namely, as 
aforementioned, after the initial authentication is executed, 
the user A holds the identity IDB of the server B, the 
communication key CK and the transaction numbers TransIDABj and 
TransIDBAj in the memory unit 12e, whereas the server B holds 
the identity IDA of the user A, the communication key CK, the 
transaction numbers TransIDABj and TransIDBAj and the last 
access time T1 in the memory unit 14d. 

The encryption method used in the re-authentication 
processing is the secret (common) key cryptographic technique, 
which is capable of high speed processing. The following 
describes the operations of the re-authentication processing 
units 12c and 14c in the user terminal 12 of the user A and in 
the server B, respectively, when the user A and the server B 
are connected at the j-th round after the initial 
authentication. 

First, at step S300, the terminal 12 of the user A updates 
the transaction number for user authentication. Namely, 
TransIDABj is updated to the next order's transaction number 
using a private function f. The server B is also provided with 
this function f. The function f is preferably a private 
function for confidentiality, but a public function can be 
utilized as the function f. The above-mentioned update 
will be represented as TransIDAB(j+1) = f(TransIDABj). 

The updated transaction number TransIDAB(j+1) is enciphered 
using the communication key CK, and the enciphered transaction 
number ECK(TransIDAB(j+1)) is combined with the identity IDA of 
the user A at the user terminal 12. Then, the combined result 
is sent to the server B at step S301. 

At step S302, the server B confirms whether the initial 
authentication is effective in this re-authentication or not, 
namely whether this re-authentication is executed within an 
effective period of time or not. To put it concretely, the 
server B derives the last access time T1 (=T1A) of the user A 
from the memory unit 14d and compares it with the current time 
T. If T-T1 is shorter than a predetermined time e, it is 
judged that the initial authentication is effective and the 
successive processing of the re-authentication is continued. 
If T-T1 is equal to or longer than the predetermined time e, 
it is judged that the initial authentication is invalid and a 
nullifying protocol shown in Fig. 6 is executed. 

At the next step S303, the server B searches its memory 
unit 14d using the identity IDA of the user A as a search key, 
to get the communication key CK, the transaction number for 
user authentication TransIDABj and the transaction number for 
server authentication TransIDBAj. 

Then, at step S304, the server B verifies the received 
enciphered transaction number for user authentication 
ECK(TransIDAB(j+1)). Namely, the server B deciphers the 
enciphered transaction number for user authentication 
ECK(TransIDAB(j+1)) using the obtained communication key CK to 
produce DCK(ECK(TransIDAB(j+1))), and then updates the 
transaction number for user authentication TransIDABj stored in 
the memory unit 14d to the next order's transaction number using 
the private function f. This update is represented as 
TransIDAB(j+1) = f(TransIDABj). Thereafter, this updated 
transaction number TransIDAB(j+1) is compared with the deciphered 
authentication number DCK(ECK(TransIDAB(j+1))). 

At step S305, it is judged whether the user (prover) A is 
successfully authenticated by the server B or not, in 
accordance with the result of the comparison. Namely, if 
both results coincide with each other, the user is 
authenticated and therefore the server authentication 
processing is started from step S306. Otherwise, it is judged 
that a connection request from an illegal user has occurred and 
thus NG is sent to the terminal 12 of the user to abort the 
process. 

At step S306, the server B updates the last access time T1 
to the current time T. Then, at step S307, the server B 
updates the transaction number for server authentication 
TransIDBAj stored in the memory unit 14d to the next order's 
transaction number using the private function f. This update 
is represented as TransIDBA(j+1) = f(TransIDBAj). 

Thereafter, at step S308, this updated transaction 
number TransIDBA(j+1) for server authentication is enciphered 
using the communication key CK. The enciphered transaction 
number ECK(TransIDBA(j+1)) and the identity IDB of the server B 
are combined and sent to the terminal 12 of the user A, at step 
S309. 

The terminal 12 of the user A verifies the received 
enciphered transaction number ECK(TransIDBA(j+1)) for server 
authentication at step S310. Namely, the terminal of the user 
A searches its memory unit 12e using the identity IDB of the 
server B as a search key, to get the communication key CK and 
the transaction number for server authentication TransIDBAj. 
Then, the user terminal deciphers the received enciphered 
transaction number for server authentication ECK(TransIDBA(j+1)) 
using the obtained communication key CK to produce 
DCK(ECK(TransIDBA(j+1))), and then updates the transaction number 
for server authentication TransIDBAj stored in the memory unit 
12e to the next order's transaction number using the private 
function f. This update is represented as TransIDBA(j+1) = 
f(TransIDBAj). Thereafter, this updated transaction number 
TransIDBA(j+1) is compared with the deciphered authentication 
number DCK(ECK(TransIDBA(j+1))). 

At step S311, it is judged whether the server (prover) B 
is also successfully authenticated by the user A or not, in 
accordance with the result of the comparison. Namely, if 
both results coincide with each other, the server is also 
authenticated and OK is sent to the server B, and the 
transaction numbers stored in the memory unit 12e are updated 
to TransIDAB(j+1) and TransIDBA(j+1), respectively. Otherwise, it 
is judged that a connection request from an illegal user has 
occurred and thus NG is sent to the server B to abort the 
process. 

At step S312, only when the server authentication has 
succeeded, namely only when the server receives OK from the user 
terminal 12, the server B updates the transaction numbers 
stored in the authentication information memory unit 14d to 
TransIDAB(j+1) and TransIDBA(j+1), respectively. 

With the above-mentioned processes, the re-authentication 
is completed. 

Fig. 6 illustrates the nullifying processing protocol 
described in the flow shown in Fig. 5. 

At the step S302 of Fig. 5, if it is judged that the 
initial authentication is invalid, the server B deletes the 
authentication information of the user A, namely the 
communication key CK, the transaction numbers TransIDABj and 
TransIDBAj, and the last access time T1 which are stored in the 
memory unit 14d, at step S400. 

Then, at step S401, the server B informs the user A 
that the initial authentication is now ineffective. 

Thus, the user A deletes the authentication information 
with respect to the server B, namely the communication key CK 
and the transaction numbers TransIDABj and TransIDBAj stored 
in the memory unit 12e, at step S402. Thereafter, at step 
S403, the initial authentication processing illustrated in Fig. 
4 is started again. 
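
The re-authentication rounds of Fig. 5 together with the nullifying step of Fig. 6, as an added Go example that is not code from the patent. It assumes that the private function f is an HMAC-SHA256 chain under a key both sides hold, that ECK/DCK are AES-256-GCM, that the predetermined time e is ten minutes, and constructed identities and transaction numbers; Record, serverReauth, userVerify and runRound are names chosen here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"time"
)

// Record is the authentication information left by Fig. 4 (one row of Table 1 or Table 2).
type Record struct {
	PeerID               string    // IDA on the server side, IDB on the user side
	CK                   []byte    // communication key CK
	TransIDAB, TransIDBA []byte    // transaction numbers for user / server authentication
	LastAccess           time.Time // T1, kept on the server side only
}

const validity = 10 * time.Minute // the predetermined time e (constructed value)

var ErrExpired = errors.New("initial authentication no longer effective")

// The page leaves the "private function f" unspecified; an HMAC-SHA256 chain under a
// key both sides hold is assumed here (constructed key).
var fKey = []byte("constructed-private-function-key")

// f maps TransID_j to TransID_j+1.
func f(transID []byte) []byte {
	m := hmac.New(sha256.New, fKey)
	m.Write(transID)
	return m.Sum(nil)
}

// ECK/DCK: AES-256-GCM under CK, nonce prefixed to the ciphertext.
func ECK(ck, pt []byte) []byte {
	blk, _ := aes.NewCipher(ck)
	g, _ := cipher.NewGCM(blk)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	return g.Seal(nonce, nonce, pt, nil)
}

func DCK(ck, ct []byte) ([]byte, error) {
	blk, _ := aes.NewCipher(ck)
	g, _ := cipher.NewGCM(blk)
	if len(ct) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}

// S300-S301: the user terminal sends ECK(TransIDAB_j+1); IDA travels alongside it.
func userRequest(rec *Record) []byte { return ECK(rec.CK, f(rec.TransIDAB)) }

// S302-S309 on the server, with S400 when the record is stale. Returns
// ECK(TransIDBA_j+1) and TransIDAB_j+1, which is committed only at S312.
func serverReauth(rec *Record, now time.Time, encAB []byte) ([]byte, []byte, error) {
	if now.Sub(rec.LastAccess) >= validity { // S302
		*rec = Record{} // S400: nullify the stored authentication information
		return nil, nil, ErrExpired
	}
	got, err := DCK(rec.CK, encAB) // S304
	nextAB := f(rec.TransIDAB)
	if err != nil || !hmac.Equal(got, nextAB) { // S305: NG
		return nil, nil, errors.New("NG: user authentication failed")
	}
	rec.LastAccess = now                              // S306
	return ECK(rec.CK, f(rec.TransIDBA)), nextAB, nil // S307-S309
}

// S310-S311 on the user terminal: verify the server, then commit both numbers.
func userVerify(rec *Record, encBA []byte) bool {
	got, err := DCK(rec.CK, encBA)
	nextBA := f(rec.TransIDBA)
	if err != nil || !hmac.Equal(got, nextBA) {
		return false // NG
	}
	rec.TransIDAB, rec.TransIDBA = f(rec.TransIDAB), nextBA
	return true // OK
}

// S312 on the server: commit only after the user's OK.
func serverCommit(rec *Record, nextAB []byte) {
	rec.TransIDAB, rec.TransIDBA = nextAB, f(rec.TransIDBA)
}

// runRound performs one complete j-th round between matching user and server records.
func runRound(user, server *Record, now time.Time) error {
	encBA, nextAB, err := serverReauth(server, now, userRequest(user))
	if err != nil {
		return err
	}
	if !userVerify(user, encBA) {
		return errors.New("NG: server authentication failed")
	}
	serverCommit(server, nextAB)
	return nil
}
```

Because both chains advance only after a successful round, a captured ECK(TransIDAB_j+1) replayed later no longer matches the server's f(TransIDAB_j+1) and is rejected at S305.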
As aforementioned, in the initial authentication, a strict 
authentication which can be used in a wide area network is 
executed in accordance with the public key cryptographic method 
using the IC card, while in the re-authentication, a high speed 
authentication is executed in accordance with the secret key 
cryptographic method by means of software without using the 
IC card. Therefore, according to the present invention, an 
extremely effective and high speed authentication can be 
realized. 

Also, since the transaction IDs and the communication key 
which are the result of the initial authentication and are 
commonly stored in both the user and the server are used for 
the re-authentication, no authentication information needs 
to be preliminarily and commonly held in the user and 
the server before the authentication processing. Thus, the 
authentication method according to the present invention can be 
easily used in a wide area network. 

Furthermore, according to the present invention, since 
both the initial authentication and re-authentication are 
executed, the security can be improved. In addition, according 
to the present invention, since the transaction ID used in the 
re-authentication is enciphered and also updated to have a 
different value at each time, possible impersonation attacks 
and/or replay attacks can be effectively prevented, resulting in 
extremely high security. If a private function is used for the 
function of updating the transaction ID, the security can be 
further increased. 

In the aforementioned initial authentication, the public 
key cryptographic method is utilized. However, cryptographic 
methods other than public key cryptography can be used, at 
some penalty in wide area network characteristics. 
Furthermore, in the aforementioned embodiment, mutual 
authentications are executed in both the initial authentication 
and the re-authentication. However, the initial authentication 
and/or the re-authentication according to the present invention 
may be achieved by either the user authentication or the server 
authentication alone. 
CLAIMS 

1. A method of authenticating between a user and a network 
access entity using an IC card, comprising the steps of: 

executing an initial authentication using the IC card when 
the user first communicates with the network access entity; 

commonly holding authentication information in both the 
user and the network access entity if the initial 
authentication achieves success; and 

executing a re-authentication using said commonly held 
authentication information without using the IC card when the 
user communicates again with the same network access entity 
within a predetermined period of time after the last 
authentication. 



2. The method as claimed in claim 1, wherein said initial 
authentication is an authentication using a public key 
cryptographic technique, and wherein said re-authentication is 
an authentication using a secret key cryptographic technique. 

3. The method as claimed in claim 1 or 2, wherein said initial 
authentication is executed when the user has not said 
authentication information, and said re-authentication is 
executed when the user has said authentication information. 

4. The method as claimed in claim 1, 2 or 3, wherein said initial 
authentication is executed instead of the re-authentication 
when the predetermined period of time has passed after the last 
authentication. 

5. The method as claimed in any of the preceding claims, wherein said 
authentication information is encrypted and the encrypted 
authentication information is sent between the user and the 
network access entity. 

6. The method as claimed in any of the preceding claims, wherein said 
authentication information is updated to have different values 
at each time and the updated authentication information is sent 
between the user and the network access entity. 

7. A system for authenticating between a user and a network 
access entity using an IC card, comprising: 

means for executing an initial authentication using the IC 
card when the user first communicates with the network access 
entity; 

means for commonly holding authentication information in 
both the user and the network access entity if the initial 
authentication achieves success; and 

means for executing a re-authentication using said 
commonly held authentication information without using the IC 
card when the user communicates again with the same network 
access entity within a predetermined period of time after the 
last authentication. 

8. The system as claimed in claim 7, wherein said initial 
authentication is an authentication using a public key 
cryptographic technique, and wherein said re-authentication is 
an authentication using a secret key cryptographic technique. 

9. The system as claimed in claim 7 or 8, wherein said initial 
authentication is executed when the user has not said 
authentication information, and said re-authentication is 
executed when the user has said authentication information. 

10. The system as claimed in claim 7, 8 or 9, wherein said initial 
authentication is executed instead of the re-authentication 
when the predetermined period of time has passed after the last 
authentication. 

11. The system as claimed in any of claims 7 to 10, wherein said 
authentication information is encrypted and the encrypted 
authentication information is sent between the user and the 
network access entity. 



12. The system as claimed in any of claims 7 to 11, wherein said 
authentication information is updated to have different values 
at each time and the updated authentication information is sent 
between the user and the network access entity. 
Amendments to the claims have been filed as follows 

1. A method of authenticating between a user and a network 
access entity using an IC card, comprising the steps of: 

executing an initial authentication using the IC card when 
the user first communicates with the network access entity; 

commonly holding authentication information in both the 
user and the network access entity if the initial 
authentication achieves success; and 

executing a re-authentication using said commonly held 
authentication information without using the IC card when the 
user communicates again with the same network access entity 
within a predetermined period of time after the last 
authentication. 

2. The method as claimed in claim 1, wherein said initial 
authentication is an authentication using a public key 
cryptographic technique, and wherein said re-authentication is 
an authentication using a secret key cryptographic technique. 

3. The method as claimed in claim 1 or 2, wherein said initial 
authentication is executed when the user does not have said 
authentication information, and said re-authentication is 
executed when the user has said authentication information. 

4. The method as claimed in claim 1, 2 or 3, wherein said initial 

access entity within a predetermined period of time after the 
last authentication. 

8. The system as claimed in claim 7, wherein said initial 
authentication is an authentication using a public key 
cryptographic technique, and wherein said re-authentication is 
an authentication using a secret key cryptographic technique. 

9. The system as claimed in claim 7 or 8, wherein said initial 
authentication is executed when the user does not have said 
authentication information, and said re-authentication is 
executed when the user has said authentication information. 

10. The system as claimed in claim 7, 8 or 9, wherein said initial 
authentication is executed instead of the re-authentication 
when the predetermined period of time has passed after the last 
authentication. 

11. The system as claimed in any of claims 7 to 10, wherein said 
authentication information is encrypted and the encrypted 
authentication information is sent between the user and the 
network access entity. 



12. The system as claimed in any of claims 7 to 11, wherein said 
authentication information is updated to have different values 
at each time and the updated authentication information is 
sent between the user and the network access entity. 

13. A method of authenticating between a user and a 
network access entity using an IC card substantially as 
hereinbefore described with reference to the accompanying 
drawings. 

14. A system of authenticating between a user and a 
network access entity using an IC card substantially as 
hereinbefore described with reference to the accompanying 
drawings. 